You can do this in many ways... Two ways we handle similar types of rules are below.
1. Connection-Aware grouping so that when you connect to a trusted network you would allow RDP.
2. Create a rule based on an executable file and set the (File Description, Fingerprint, Signer). Setting all depends on how restrictive you want to be for your rules. If you go this way, this rule will need to be above your blocking rule for RDP.
Thank you youngs, I'll give it a shot...